I have decided to not use a real time antivirus as I don't like the resource usage. But I would like to be able to have a program to block malicious url's/IP addresses that stays up to date. I'm not 100% sure I need such a program to scan web pages in real time, so maybe one that updates blacklisted sites often would fit my needs. I have tried WOT and it's ok although I have some doubts about it being updated quickly. I've tried the AVG link scanner and it's ok but my web browsing takes a hit because all the links seem to be scanned real time, same issue with the web scanner by Bitdefender. I hear Panda has a nice one that can be installed separately but have not tried it.

Is there a web filter that blocks black listed url's and IP addresses which is updated regularly (such as hourly or several times a day)? Or would a host file or DNS service be better for my needs? Or maybe a firewall that updates a black list regularly? I use Ad Muncher but it does not reliably block malicious sites. I also use Chrome with scripting disabled but that is white list based and I'm not sure how effective it is if a white listed site is hacked.

Any suggestions?

I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

http://www1.k9webprotection.com/

Have you considered using light virtualization with an anti-executable? Virtually no impact on performance, and extremely secure. You could use something like Shadow Defender, and Appguard. Very Secure, and very light weight. It would be extremely difficult to keep any blocklist up to date for zero day malware. AV's have to rely on generic heuristic signatures to block by behavior to bridge the gap. I would reevaluate your intentions of trying to rely on a blocklist. Its not a good strategy. Its a good tool to add to your security setup, but not good for being your sole defense.

-{ Quote: "I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

http://www1.k9webprotection.com/" }-
If you decide to stick with your plan which I would not advise then K9webprotection is very good as Sevens has posted. You could also look into using a DNS service like Open DNS.

I have sandboxie paid version and am looking for a way to block malicious IP's and url's. I'm pretty sure sandboxie can protect against most web threats although I have read sbie does not protect against some. I have sbie to be able allow direct access in my browsers to bookmarks, cookies and preferences. That's about the only way I'll use sbie as I have to save many new bookmarks daily.

-{ Quote: "I have sandboxie paid version and am looking for a way to block malicious IP's and url's. I'm pretty sure sandboxie can protect against most web threats although I have read sbie does not protect against some. I have sbie to be able allow direct access in my browsers to bookmarks, cookies and preferences. That's about the only way I'll use sbie as I have to save many new bookmarks daily." }-

I don't believe blocking IPs is possible in sandboxie, it's really not meant for blocking anything (of course you can block all but the processes you allow) like that.

-{ Quote: "I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

http://www1.k9webprotection.com/" }-

Wow, I just tested this out and it works quite well. I might add this to my arsenal of security. It also seems super lightweight on resources too.

-{ Quote: "I don't believe blocking IPs is possible in sandboxie, it's really not meant for blocking anything (of course you can block all but the processes you allow) like that." }-
Really? I did not realize that. Blocking IP's or url's is not possible with a sandboxed browser? Ad Muncher seems to work ok when my browser is sandboxed and I think it blocks ads from loading as opposed to just hiding them...I could be wrong about that though.

-{ Quote: "Wow, I just tested this out and it works quite well. I might add this to my arsenal of security. It also seems super lightweight on resources too." }-
I used K9 Web Filter for several years, and it works great! Beware of possible conflicts though. I was having a problem installing and updating Prevx 2 once, and it took me forever to realize that it was K9 Web filter that was blocking Prevx 2 from communicating with the Prevx server. It has since been fixed, but I thought I should inform you in case you run into similar problems to help you save time in trouble shooting. It took me days before I realized the problem. Also it caused a slow down in webpages loading at times, and sometimes pages would have anomalies in them. Its content blocking is superb though, and it blocks most malicious web pages. Its web filtering works much better than my Netgear Prosecure UTM if that gives you any ideal of how great it works.

-{ Quote: "Really? I did not realize that. Blocking IP's or url's is not possible with a sandboxed browser? " }-
I think DW meant that SBIE itself does not block URLs but while using a sandboxed browser, Panda, Traffic Light, MBAM or any of the other available applications that block URLs work just fine. I am not using any but I tried a few, Panda URL filter is the one I liked best.

Bo

-{ Quote: "I think DW meant that SBIE itself does not block URLs but while using a sandboxed browser, Panda, Traffic Light, MBAM or any of the other available applications that block URLs work just fine. I am not using any but I tried a few, Panda URL filter is the one I liked best.

Bo" }-
OK. I was aware that sbie could not block IP addresses. Does Panda use a blacklist or does it scan for threats in real time through their cloud somehow? Also, is there a way to install just the web scanner and is the web scanner configurable (ie. white list, etc)?

-{ Quote: "OK. Does Panda use a blacklist or does it scan for threats in real time through their cloud somehow? Also, is there a way to install just the web scanner and is the web scanner configurable (ie. white list, etc)?" }-
It downloads definitions to your computer 3 or 4 times a day, you can follow the updates in a folder that Panda uses located in Document and Settings. To install it, you have to install the toolbar. After you install the Panda toolbar, you can uninstall it immediately. It also installs something else which you can also uninstall. Afterward, only the Filter remains. I only used it for a few days but I thought it was pretty good even though its not configurable.

Bo

-{ Quote: "It downloads definitions to your computer 3 or 4 times a day, you can follow the updates in a folder that Panda uses located in Document and Settings. To install it, you have to install the toolbar. After you install the Panda toolbar, you can uninstall it immediately. It also installs something else which you can also uninstall. Afterward, only the Filter remains. I only used it for a few days but I thought it was pretty good even though its not configurable.

Bo" }-
ok, thanks for the info

Panda web-filter is great, and barely uses any resources at all.

I'm going to try MBAM Pro web filtering with real time protection disabled and see how it goes. Does anyone know what services, blacklist sites, etc that MBAM uses in its web filtering?

I'm also a huge fan of Bluecoat K9. And it's free.

just use Norton ConnectSafe (https://dns.norton.com/dnsweb/dnsForHome.do)

-{ Quote: "I'm also a huge fan of Bluecoat K9. And it's free." }-
But would it conflict with other web filters like dns services or add-ons(wot, trafficlight) or Security Suite built-on web filters?

Because it says here (http://www1.k9webprotection.com/aboutk9/how-k9-different), 'While some product suites include Web filtering, these filters may not be as robust or detailed as Blue Coat’s technology. We recommend that you use K9 instead of the Web filter you find in a product suite, unless it’s based on Blue Coat’s K9 technology.'

Also because it says here (http://www1.k9webprotection.com/aboutk9/product-features), 'K9 Web Protection is compatible with the following third-party personal firewall and Internet security products:

Personal firewalls: Comodo
Anti-virus products: Avast, Avira
Internet security suites: McAfee, F-Secure, Norton/Symantec, Computer Associates and Check Point ZoneAlarm'

Which means other products suites are not compatible, right?

is anyone using the k9 product with ad muncher?

-{ Quote: "I have decided to not use a real time antivirus as I don't like the resource usage. But I would like to be able to have a program to block malicious url's/IP addresses that stays up to date. Is there a web filter that blocks black listed url's and IP addresses which is updated regularly (such as hourly or several times a day)? Or would a host file or DNS service be better for my needs?

I use Ad Muncher but it does not reliably block malicious sites. I also use Chrome with scripting disabled but that is white list based and I'm not sure how effective it is if a white listed site is hacked.

Any suggestions?" }-


Set Norton DNS or Comodo as default in either your Router (preferable) or your network connection (it is explained at Norton ConectSafe website). Check with your real browsing history which DNS provider scores better for you (don't use a default set, Chrome and Comodo use a two phase caching mechanism, top ranked websites are all in this DNS "super" cache, so theoretical test will differ from real life experience, use a list based on your browsing history/surfing habits).


Use Chromium for a while, enable Phising and Malware protection. Check for yourself using Malware Domain Lists or others, both websites and downloads will be catched with this combi. Absolutely lowest on impact on performance. Only not using any kind of protection will have less drag on system.

DNS filtering
==> it doest not happen on your PC, but on the server of the DNS provider, so effective and impact free

Google's Phising & Malware
==> based on part of the webaddress which is updated every half hour and loaded in browser (in memory, so near zero I/O). When part of the pattern matches the webaddres (a so called "index" match), the full adress is checked against a second black list with full addresses, but organised in pattern index (to minimize search & IO time). So instead of searching through all streets in the USA for roads with nasty potholes, it first checks on postal code globally then zoom's in on street name/house numbers

Check it your self, and the results will convince you


At javascript.
Chrome does not uses shared libraries, but assigns hidden classes to Javascript. This is simular to the ASLR randomising mechanism, but on a much more detailed level for code libraries, so I would not worry about Javascript whitelist being hacked. Chromium now runs with Untrusted (in Win7) and AppContainer (in Win8 ), sandboxes, so I would not worry about Javascript white list being hacked (renderer boxes now run Untrusted with build in Chrome flash and pdf running low, so javascript in Untrusted can't touch plug-ins running Low integrity).

-{ Quote: "I used K9 Web Filter for several years, and it works great! Beware of possible conflicts though. I was having a problem installing and updating Prevx 2 once, and it took me forever to realize that it was K9 Web filter that was blocking Prevx 2 from communicating with the Prevx server. It has since been fixed, but I thought I should inform you in case you run into similar problems to help you save time in trouble shooting. It took me days before I realized the problem. Also it caused a slow down in webpages loading at times, and sometimes pages would have anomalies in them. Its content blocking is superb though, and it blocks most malicious web pages. Its web filtering works much better than my Netgear Prosecure UTM if that gives you any ideal of how great it works." }-

Thanks for the advice, I appreciate it.

-{ Quote: "Set Norton DNS or Comodo as default in either your Router (preferable) or your network connection (it is explained at Norton ConectSafe website). Check with your real browsing history which DNS provider scores better for you (don't use a default set, Chrome and Comodo use a two phase caching mechanism, top ranked websites are all in this DNS "super" cache, so theoretical test will differ from real life experience, use a list based on your browsing history/surfing habits)." }-

I would like to try a dns service other than what my ISP has. But I have personal issues with Norton and Comodo. Is there a good free DNS service besides these two that offers malware site protection? I would probably be willing to pay for one as well if it was effective and always up to date.

I tried K9 today, and it protect great, but it is a bit to overbearing for my tastes. I still think Panda has the best web filter. Wish they would make it a stand alone download.

-{ Quote: "I tried K9 today, and it protect great, but it is a bit to overbearing for my tastes. I still think Panda has the best web filter. Wish they would make it a stand alone download." }-

I think this is the same only stand alone.

http://software.visicommedia.com/en/products/antiphishing/

The Proxomitron: http://en.wikipedia.org/wiki/Proxomitron

IP blocking: Peerblock, and use the provided malware and other lists from iblocklist.

-{ Quote: "I think this is the same only stand alone.

http://software.visicommedia.com/en/products/antiphishing/" }-


Thanks! Based on the pictures on their website, you are probably right. I am going to try it out.

-{ Quote: "I tried K9 today, and it protect great, but it is a bit to overbearing for my tastes. I still think Panda has the best web filter. Wish they would make it a stand alone download." }-

Open PandaSecurityToolbar.exe with 7-Zip -> $TEMP -> Extract PandaURLFiltering.exe

Both Panda URL Filter and NortonDNS are great, i'm always going back and forth between them, both really effective.

-{ Quote: "Open PandaSecurityToolbar.exe with 7-Zip -> $TEMP -> Extract PandaURLFiltering.exe

Both Panda URL Filter and NortonDNS are great, i'm always going back and forth between them, both really effective." }-

Can't you use both together? I thought they worked in different ways.

They both perform web filtering, but sure, you could use both. One probably catches things the other misses. But, i'm using Chromium also with it's inbuilt phishing and download protection so it's overkill for me, imo.

-{ Quote: "I would like to try a dns service other than what my ISP has. But I have personal issues with Norton and Comodo. Is there a good free DNS service besides these two that offers malware site protection? I would probably be willing to pay for one as well if it was effective and always up to date." }-
DynDNS (http://dyn.com/dns/), Open DNS (www.opendns.com) and Google DNS (https://developers.google.com/speed/public-dns/).

-{ Quote: "DynDNS (http://dyn.com/dns/), Open DNS (www.opendns.com) and Google DNS (https://developers.google.com/speed/public-dns/)." }-
do any of those block malware sites? I saw that opendns blocks phishing sites but their site didn't say anything about malware sites - so I don't know.

I looked at Comodo dns and saw the install instructions are for XP and Vista with no instructions for Windows 7. I'm assuming the Vista instructions will work for Windows 7...but why has this Comodo DNS instruction page not been updated in years? Is their dns service still being actively updated?

http://www.comodo.com/secure-dns/switch/computer.html

I don't really want to try Norton even though I hear it is good...I just don't want to support their company or have anything Norton on my system.

I wish Clear Cloud was still around.

-{ Quote: "do any of those block malware sites? I saw that opendns blocks phishing sites but their site didn't say anything about malware sites - so I don't know." }-
For Open DNS here (https://www.opendns.com/internet-security/) you go.

Here (http://www.wilderssecurity.com/showthread.php?t=317807&highlight=DNS) is a great thread.

-{ Quote: "Open PandaSecurityToolbar.exe with 7-Zip -> $TEMP -> Extract PandaURLFiltering.exe

Both Panda URL Filter and NortonDNS are great, i'm always going back and forth between them, both really effective." }-

Instead of doing that go here: http://software.visicommedia.com/en/products/antiphishing/ It is the same as Panda URL Filter.

-{ Quote: "I have been using Blue Coat K9 Web Protection . You can custom select what you want. I just use malware and phishing options.

http://www1.k9webprotection.com/" }-
I am now a little hesitant about this after reading the comments/reviews here (http://download.cnet.com/K9-Web-Protection/3000-27064_4-10487710.html)

-{ Quote: "Instead of doing that go here: http://software.visicommedia.com/en/products/antiphishing/ It is the same as Panda URL Filter." }-
so is this just a rebranded panda or does it have more/less features?

FWIW K9 worked fine when I tested it, no slowdowns and lots of catagories to select from. Bear in mind though that it's sort of a parental control program, by which I mean that it tracks every website your computer connects to and displays it in your online viewing page. I squeak louder than a glass and a rubber glove and it still kind of freaked me out lol

-{ Quote: "so is this just a rebranded panda or does it have more/less features?" }- Rebranded

-{ Quote: "Instead of doing that go here: http://software.visicommedia.com/en/products/antiphishing/ It is the same as Panda URL Filter." }-

It's just that I've seen a few posts over time in other threads mentioning how you have to install the toolbar to get the URL filter, then uninstall the toolbar but keeping the URL filter as they install separately. I was just pointing out that's not necessarily the case. Also, the Visicom Media version is behind Panda, Visicom Media product version 1.0.1.30 vs Panda 1.0.1.33. I don't know if this matters since it's just an URL filter, just saying.

-{ Quote: "Rebranded" }-
I'll give it a try. Thanks for the info.

-{ Quote: "I'm going to try MBAM Pro web filtering with real time protection disabled and see how it goes. Does anyone know what services, blacklist sites, etc that MBAM uses in its web filtering?" }-


I think MBAM Pro uses Hphosts for web filtering. http://hosts-file.net
Look at the bottom of that website. It states Copyright © 2005 - 2012 Malwarebytes.org - All Rights Reserved

I also use Norton ConnectSafe https://dns.norton.com/

-{ Quote: "I think MBAM uses Hphosts for web filtering. http://hosts-file.net
Look at the bottom of that website. It states Copyright © 2005 - 2012 Malwarebytes.org - All Rights Reserved

I also use Norton ConnectSafe https://dns.norton.com/" }-
Yeah Malwarebytes bought hphosts.

I went to the link below and downloaded/installed the program.

http://software.visicommedia.com/en/products/antiphishing/

Then I went to http://hosts-file.net/ (using chrome with js disabled in sandboxie) and checked against probably 40-50 sites from March of this year flagged for phishing, malware distribution and exploits. Many sites were taken down or would not load at all although many of the phishing sites were up fine. This rebranded Panda url filter did not alert a single time.

Does js need enabled for this to work?

-{ Quote: "The Proxomitron: http://en.wikipedia.org/wiki/Proxomitron

IP blocking: Peerblock, and use the provided malware and other lists from iblocklist." }-

PeerBlock works quite well at blocking problem domains. Very light program too. There's a portable version, for when you want to run it on-demand.

Otherwise, if a site you're wanting to access is blocked, very easy to just unblock the domain for say '15 minutes' and continue. You also have the ability to add additional block lists (malware etc) through the interface.

-{ Quote: "I went to the link below and downloaded/installed the program.

http://software.visicommedia.com/en/products/antiphishing/

Then I went to http://hosts-file.net/ (using chrome with js disabled in sandboxie) and checked against probably 40-50 sites from March of this year flagged for phishing, malware distribution and exploits. Many sites were taken down or would not load at all although many of the phishing sites were up fine. This rebranded Panda url filter did not alert a single time.

Does js need enabled for this to work?" }-

I also noticed it doesn't seem to block anything, where as last time I tested the Panda web-filter it block a ton of links. Maybe the people in charge of updating it are on vacation? lol

-{ Quote: "
Does js need enabled for this to work?" }-
When I tried it, I was using FF with JS being blocked by NoScript, it blocked almost every URL from MDL and malcode but it missed many from one of the lesser known malware sites. That kind of made me wonder about its effectiveness.

I just tried (sandboxed)the rebranded Panda URL filter on a few very old URLs from MDL, it did not block any.

Bo

-{ Quote: "I also noticed it doesn't seem to block anything, where as last time I tested the Panda web-filter it block a ton of links. Maybe the people in charge of updating it are on vacation? lol" }-


-{ Quote: "When I tried it, I was using FF with JS being blocked by NoScript, it blocked almost every URL from MDL and malcode but it missed many from one of the lesser known malware sites. That kind of made me wonder about its effectiveness.

I just tried (sandboxed)the rebranded Panda URL filter on a few very old URLs from MDL, it did not block any.

Bo" }-

Maybe they stopped getting updates? Has anyone tested the real Panda url filter lately?

I tested an av, while also using the Visicom filter yesterday, and the Visicom filter did indeed catch stuff this time.

Most of the ones the webfilter caught were also flagged by Norton DNS and MS Explorers smart filter (or whatever it is called), so I'm not sure the webfilter adds much at this time if you are using something like Norton DNS, Comodo DNS, etc...

-{ Quote: "Maybe they stopped getting updates? Has anyone tested the real Panda url filter lately?" }-


I noticed the version seems a few behind Pandas, but it is being updated throughout the day, as the signature version changes.

FYI the filter (panda/visicom) is the self same filter that is also in Ad-Aware 10.

-{ Quote: "FYI the filter (panda/visicom) is the self same filter that is also in Ad-Aware 10." }-


I thought AdAware10 uses Vipre. Does that mean Vipre also has the same web-filter?

-{ Quote: "is anyone using the k9 product with ad muncher?" }-

I have and they work fine on my machine